nix-dotfiles/systems/palatine-hill/loki.nix

{
  config,
  lib,
  pkgs,
  ...
}:

let
  vars = import ./vars.nix;
  loki_storage = vars.primary_loki;
in
{
  # loki: port 3030 (8030)
  #
  services = {
    loki = {
      enable = true;
      configuration = {
        server.http_listen_port = 3030;
        # auth_enabled = false;

        ingester = {
          lifecycler = {
            address = "127.0.0.1";
            ring = {
              kvstore = {
                store = "inmemory";
              };
              replication_factor = 1;
            };
          };
          chunk_idle_period = "1h";
          max_chunk_age = "1h";
          chunk_target_size = 999999;
          chunk_retain_period = "30s";
          max_transfer_retries = 0;
        };

        schema_config = {
          configs = [
            {
              from = "2023-07-01";
              store = "tsdb";
              object_store = "aws";
              schema = "v13";
              index = {
                prefix = "index_";
                period = "24h";
              };
            }
          ];
        };

        storage_config = {
          tsdb_shipper = {
            active_index_directory = "${loki_storage}/boltdb-shipper-active";
            cache_location = "${loki_storage}/boltdb-shipper-cache";
            cache_ttl = "24h";
            shared_store = "filesystem";
          };

          aws = {
            directory = "${loki_storage}/chunks";
            s3 = "s3://access_key:\${LOKI_S3_KEY}@custom_endpoint/bucket_name";
          };
        };

        limits_config = {
          reject_old_samples = true;
          reject_old_samples_max_age = "168h";
        };

        chunk_store_config = {
          max_look_back_period = "0s";
        };

        table_manager = {
          retention_deletes_enabled = false;
          retention_period = "0s";
        };

        compactor = {
          working_directory = loki_storage;
          shared_store = "filesystem";
          compactor_ring = {
            kvstore = {
              store = "inmemory";
            };
          };
        };
      };
      # user, group, dataDir, extraFlags, (configFile)
    };

    # promtail: port 3031 (8031)
    #
    promtail = {
      enable = true;
      configuration = {
        server = {
          http_listen_port = 3031;
          grpc_listen_port = 0;
        };
        positions = {
          filename = "/tmp/positions.yaml";
        };
        clients = [
          {
            url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
          }
        ];
        scrape_configs = [
          {
            job_name = "journal";
            journal = {
              max_age = "12h";
              labels = {
                job = "systemd-journal";
                host = "pihole";
              };
            };
            relabel_configs = [
              {
                source_labels = [ "__journal__systemd_unit" ];
                target_label = "unit";
              }
            ];
          }
        ];
      };
      # extraFlags
    };

    # grafana: port 3010 (8010)
    #
    grafana = {
      port = 3010;
      # WARNING: this should match nginx setup!
      # prevents "Request origin is not authorized"
      rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live

      protocol = "http";
      addr = "127.0.0.1";
      analytics.reporting.enable = false;
      enable = true;

      provision = {
        enable = true;
        datasources = [
          {
            name = "Prometheus";
            type = "prometheus";
            access = "proxy";
            url = "http://127.0.0.1:${toString config.services.prometheus.port}";
          }
          {
            name = "Loki";
            type = "loki";
            access = "proxy";
            url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
          }
        ];
      };
    };
  };

  /*
    # nginx reverse proxy
    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      # recommendedTlsSettings = true;

      upstreams = {
        "grafana" = {
          servers = {
            "127.0.0.1:${toString config.services.grafana.port}" = {};
          };
        };
        "prometheus" = {
          servers = {
            "127.0.0.1:${toString config.services.prometheus.port}" = {};
          };
        };
        "loki" = {
          servers = {
            "127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = {};
          };
        };
        "promtail" = {
          servers = {
            "127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = {};
          };
        };
      };

      virtualHosts.grafana = {
        locations."/" = {
          proxyPass = "http://grafana";
          proxyWebsockets = true;
        };
        listen = [{
          addr = "192.168.1.10";
          port = 8010;
        }];
      };

      virtualHosts.prometheus = {
        locations."/".proxyPass = "http://prometheus";
        listen = [{
          addr = "192.168.1.10";
          port = 8020;
        }];
      };

      # confirm with http://192.168.1.10:8030/loki/api/v1/status/buildinfo
      #     (or)     /config /metrics /ready
      virtualHosts.loki = {
        locations."/".proxyPass = "http://loki";
        listen = [{
          addr = "192.168.1.10";
          port = 8030;
        }];
      };

      virtualHosts.promtail = {
        locations."/".proxyPass = "http://promtail";
        listen = [{
          addr = "192.168.1.10";
          port = 8031;
        }];
      };
    };
  */

  systemd.services.loki.serviceConfig.environmentFile = config.sops.secrets."minio/loki".path;
  sops.secrets = {
    "minio/loki".owner = "root";
  };
}